
1. (Currently amended) A method for enabling use by a browser of valid authentication
certificates in relation to a transaction between the browser and a server when a
private key and public key of a certifying authority of the server has expired,
comprising:

receiving an original authentication certificate together with a server certifying
authority chain (SCAC) certificate by the browser from the server during a SSL
handshake between the browser and the server, said SCAC certificate having been
previously obtained by the server from the certifying authority;

verifying by the browser the original authentication certificate using the expired
public key of the certifying authority; and

verifying by the browser the SCAC certificate using a new public key of the
certifying authority.



2. (Currently amended) The method of claim 1, wherein the SCAC certificate is obtained
by the server whenever the certifying authority invalidates its public key, wherein the
certificate is obtained by:

contacting the certifying authority using the server's private key for authentication
to make a request for the SCAC certificate;

verifying the request by the certifying authority using the server's public key; and

generating the SCAC certificate by the certifying authority using a new private
key of the certifying authority and forwarding the SCAC certificate to the server.



3. (Currently amended) The method of claim 2, wherein the generating of the SCAC
certificate includes authenticating the server name, the server public key, old
certifying authority public key, and certifying authority name.

4. (Currently amended) The method of claim 1, further comprising issuing by the
certifying authority a client (CCAC) certificate, said CCAC certificate being
functionally the same as the SCAC certificate subject to the roles of the browser and
the server being interchanged.

5. (Currently amended) The method of claim 1, wherein the method further comprises
presenting the CCAC certificate to the server during the handshake.

6. (Original) In an arrangement of networked server and browser systems conducting secure
transactions and including a certifying authority for authenticating such transactions,
characterized in that it includes a means for authenticating transactions when the public
and private key of the said certifying authority have expired but the authentication
certificates of any of server or browser systems is still valid, comprising:

a means for the server to obtain a certifying authority chain certificate using the
new private key of the certifying authority,

a means for presenting the said certifying authority chain certificate together with
the original authentication certificate, to the browser,

a means for verifying the original authentication certificate using the expired
public key of the certifying authority, and verifying the certifying authority chain
certificate using the new certifying authority public key by the browser.



7. (Canceled)

8. (Canceled)

9. (Canceled)

10. (Canceled)

11. (New) The method of claim 1, further comprising accepting the transaction by the
browser after said verifying the original authentication certificate and after said verifying
the SCAC certificate.

12. (New) The method of claim 1, wherein obtaining the SCAC certificate comprises using
the new private key of the certifying authority.

13. (New) A system for enabling use by a browser of valid authentication certificates in
relation to a transaction between the browser and a server when a private key and public
key of a certifying authority of the server has expired, comprising:

means for receiving an original authentication certificate together with a server
certifying authority chain (SCAC) certificate by the browser from the server during a SSL
handshake between the browser and the server, said SCAC certificate having been
previously obtained by the server from the certifying authority;

means for verifying by the browser the original authentication certificate using the 
expired public key of the certifying authority, and 

means for verifying by the browser the SCAC certificate using a new public key 
of the certifying authority. 

14. (New) The system of claim 13, wherein the SCAC certificate is obtained by the server
whenever the certifying authority invalidates its public key, wherein the certificate is
obtained by:

means for contacting the certifying authority using the server's private key for
authentication to make a request for the SCAC certificate;

means for verifying the request by the certifying authority using the server's
public key; and

means for generating the SCAC certificate by the certifying authority using it's a
new private key of the certifying authority and forwarding the SCAC certificate to the
server.



15. (New) The system of claim 13, wherein said means for generating the SCAC certificate
includes means for authenticating the server name, the server public key, old certifying
authority public key, and certifying authority name.

16. (New) The system of claim 15, further comprising means for issuing by the certifying
authority a client (CCAC) certificate, said CCAC certificate being functionally the same
as the SCAC certificate subject to the roles of the browser and the server being
interchanged.

17. (New) The system of claim 13, wherein the system further comprises means for
presenting the CCAC certificate to the server during the handshake.

18. (New) The system of claim 13, further comprising means for accepting the transaction by
the browser in conjunction with said means for verifying the original authentication
certificate and in conjunction with said means for verifying the SCAC certificate.



19. (New) The system of claim 13, wherein said means for obtaining the SCAC certificate 
comprises use of the new private key of the certifying authority. 
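
Added example (not part of the claims and not code from the applicant): a Python sketch of the browser-side checks recited in claims 1, 3 and 11, with the certifying authority's signing step from claims 2 and 12 simulated inline. The toy textbook-RSA keys, the JSON certificate layout, all names used, and the step that matches the SCAC fields against the original certificate are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import json

E = 65537  # public exponent shared by the toy keys below

def toy_keypair(p, q):
    """Textbook RSA from two known Mersenne primes: demo only, not secure."""
    n = p * q
    return [n, E], [n, pow(E, -1, (p - 1) * (q - 1))]

def _digest(fields, n):
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(fields, priv):
    n, d = priv
    return {"fields": fields, "sig": pow(_digest(fields, n), d, n)}

def verify(cert, pub):
    n, e = pub
    return pow(cert["sig"], e, n) == _digest(cert["fields"], n)

def browser_accepts(orig, scac, old_ca_pub, new_ca_pub):
    """Claim 1 checks, then the claim 11 accept decision."""
    if not verify(orig, old_ca_pub):   # original cert vs. expired CA key
        return False
    if not verify(scac, new_ca_pub):   # SCAC cert vs. new CA key
        return False
    o, s = orig["fields"], scac["fields"]
    # Assumption: the browser also matches the claim 3 fields against the
    # original certificate, so a SCAC issued to another server is rejected.
    return (s["server_name"] == o["server_name"]
            and s["server_pub"] == o["server_pub"]
            and s["ca_name"] == o["ca_name"]
            and s["old_ca_pub"] == old_ca_pub)

# Constructed sample data: two CA key pairs and one server identity.
OLD_PUB, OLD_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
NEW_PUB, NEW_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
IDENT = {"server_name": "shop.example", "server_pub": "placeholder-key",
         "ca_name": "Example CA"}

def issue_scac(ident, signing_priv):
    """SCAC body per claim 3: server name/key, old CA public key, CA name."""
    return sign(dict(ident, old_ca_pub=OLD_PUB), signing_priv)

ORIG = sign(IDENT, OLD_PRIV)          # issued before the CA key expired
SCAC = issue_scac(IDENT, NEW_PRIV)    # issued after rollover (claims 2, 12)
```

The sketch assumes the browser already holds both the expired and the new public key of the certifying authority; how the new key reaches the browser is not stated in the claims.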


